package cn.woo5.test.securitytest.config;

import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

import cn.woo5.test.securitytest.domain.Admin;
import cn.woo5.test.securitytest.domain.CurrentUser;
import cn.woo5.test.securitytest.domain.Staff;

@Component
public class WebSecurity {

  public boolean checkUserId(Authentication authentication, Long id) {
    boolean access = false;

    Object principalObj = authentication.getPrincipal();
    if (principalObj != null && principalObj instanceof CurrentUser) {
      CurrentUser principal = (CurrentUser) principalObj;
      if (principal != null) {
        Object user = principal.getUser();
        if (user != null) {
          if (user instanceof Admin) {
            access = true;
          } else if (user instanceof Staff) {
            Staff staff = (Staff) user;
            Long staffId = staff.getId();
            if (id.equals(staffId)) {
              access = true;
            }
          }
        }
      }
    }


    if (!access) {
      throw new RuntimeException();
    }
    return access;
  }
}
